elf strings
v0.9.1
反向工程師更好的strings實用程序。
精靈串將在給定的二進制中編程讀取精靈二進制的字符串部分。這與Unix Unix實用strings相似,但是是為小精靈二進制的目的。
這意味著您可以獲取有關二進製字符串的合適信息,例如它們所居住的部分,部分中的偏移等等。該實用程序還具有“刪除” C ++符號的功能,迭代鏈接的庫和打印有關精靈的基本信息。
這對於在分析二進制時快速抓取字符串非常有用。
git clone https://github.com/LloydLabs/elf-strings
cd elf-strings
go build
-binary string
the path to the ELF you wish to parse
-demangle
demangle C++ symbols into their original source identifiers, prettify found C++ symbols (optional)
-hex
output the strings as a hexadecimal literal (optional)
-libs
show the linked libraries in the binary (optional)
-max-count uint
the maximum amount of strings that you wish to be output (optional)
-min uint
the minimum length of the string
-no-color
disable color output in the results
-no-human
don't validate that its a human readable string, this could increase the amount of junk.
-no-info
don't show any information about the binary
-no-trim
disable triming whitespace and trailing newlines
-offset
show the offset of the string in the section (default, recommended) (default true)
-output-file string
the path of the output file that you want to output to (optional)
-output-format string
the format you want to output as (optional, plain/json/xml) (default "plain")
一個例子抓住了echo實用程序中的字符串。
./elf-strings --binary=/bin/echo --min=4 --max-count=10
[+] Size: 31 kB
[+] Arch: x86_64
[+] Entry point: 0x401800
[+] Class: ELFCLASS64
[+] Byte order: LittleEndian
[.dynstr+0x0]: libc.so.6
[.dynstr+0xa]: fflush
[.dynstr+0x11]: __printf_chk
[.dynstr+0x1e]: setlocale
[.dynstr+0x28]: mbrtowc
[.dynstr+0x30]: strncmp
[.dynstr+0x38]: strrchr
[.dynstr+0x40]: dcgettext
[.dynstr+0x4a]: error
[.dynstr+0x50]: __stack_chk_fail
